Apple has removed seventeen apps developed by a Gujarat-based developer from the App Store after suspecting them to be infected with clickware meant to increase advertising revenue. Believed to have been first reported by cyber security company, Wandera, the apps were published on the App Store by AppAspect Technologies, but are no longer available for download.
According to the Wandera researchers, the apps were connecting to a “known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue”. The apps blacklisted by Apple covers a random set of application categories, including productivity, platform utilities and travel. The full list is as follows:
- RTO Vehicle Information
- EMI Calculator
- Loan Planner
- File Manager
- Live Cricket Scores
- Yoga Poses
- Internet Radio
- My Train Info
- Around Me Place Finder
- Ramadan Times 2019
- Qibla
- Smart Video Compressor
- BMR Calc
- Dual Accounts
- Video Editor
On an official blog post, Wandera said: “The Clicker Trojan module discovered in this group of applications is designed to carry out ad fraud-related tasks in the background, such as continuously opening web pages or clicking links without any user interaction … (It is a) class of malware that performs ad-fraud by making frequent connections to ad networks or websites in order to artificially inflate visitor counts or to generate revenue on a pay-per-click basis”.
According to the researchers, the developer has 51 apps published on the App Store, including one infected app called My Train Info that doesn’t appear under the developer profile. AppAspect Technologies also has a developer profile on the Google Play Store with 28 published apps, but Wandera says it found none of them to be communicating with the identified C&C server.